#!/usr/bin/env bash

# */10 * * * * nginx /usr/local/nginx/nginx-badreq-defence/crontab_nginx_deny.sh > /dev/null 2>&1 &

nginx_path=/usr/local/nginx
allow_refer_regex="ajing\.cn"

#< "${nginx_path}"/logs/"$(date +'%Y-%m-%d')".access.log awk -F ' ' '$2>=400 && $2<500 && $3 !~ /'${allow_refer_regex}'/ {printf "%s\n", $1}' | sort -r | uniq -c | awk '$1>=2 {printf "deny %s;\n", $2}' > ${nginx_path}/deny.temp
< "${nginx_path}"/logs/"$(date +'%Y-%m-%d')".access.log awk -F ' ' '$2>=400 && $2<500 {printf "%s\n", $1}' | sort -r | uniq -c | awk '$1>=2 {printf "deny %s;\n", $2}' > ${nginx_path}/deny.temp

cat ${nginx_path}/deny.temp "${nginx_path}"/conf/blocksip.conf | sort | uniq > "${nginx_path}"/conf/blocksip.conf.temp
mv -f "${nginx_path}"/conf/blocksip.conf.temp "${nginx_path}"/conf/blocksip.conf

${nginx_path}/sbin/nginx -s reload
